[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #214212 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]
Hank Nussbacher
hank at mail.iucc.ac.il
Fri Nov 17 14:13:11 IST 2023
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Friday, November 17, 2023 2:13:06 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #214212 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]
Please find the analysis details for the Alert ID: 214212
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
-----------------------------------------------------
1278300 4261 6.5% 52.107.243.4
825600 2752 4.2% 209.85.137.254
721800 2406 3.7% 31.13.84.52
376500 1255 1.9% 163.70.147.63
254700 849 1.3% 31.13.84.51
253500 845 1.3% 142.250.180.174
242400 808 1.2% 31.13.84.4
217800 726 1.1% 3.160.196.80
209100 697 1.1% 128.139.200.5
207600 692 1.1% 2001:bf8:900:7::4
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
-----------------------------------------------------
3846000 12820 19.7% 132.74.6.143
3844500 12815 19.7% 132.68.1.2
3774900 12583 19.3% 132.68.239.9
3696600 12322 18.9% 132.68.1.9
1438500 4795 7.4% 128.139.225.245
1417800 4726 7.2% 192.114.3.241
547800 1826 2.8% 128.139.35.5
498300 1661 2.5% 128.139.200.60
451500 1505 2.3% 128.139.34.240
353400 1178 1.8% 2001:bf8:100:1::2
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
---------------------------------------------------------------------
128.139.225.245 1400708100
443 128.139.225.245 1274701500
31.13.84.52 443 881657400
31.13.84.52 881657400
163.70.147.63 443 466201200
163.70.147.63 466201200
192.114.91.211 357287700
443 192.114.91.211 337336500
3.160.196.80 443 318210900
3.160.196.80 56286 318210900
Further Details:
https://primary.nemo.geant.org/alerts/details/214212/
More information about the Nemo-ddos-list
mailing list